diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index bfd3bd1e..5c4e46ce 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -22,6 +22,25 @@ jobs:
 with:
 fetch-depth: 0
+ -
+ name: GPG config
+ run: |
+ mkdir -p ~/.gnupg
+ cat << EOF >> ~/.gnupg/options
+ keyserver keys.openpgp.org
+ keyserver-options auto-key-retrieve
+ EOF
+
+ -
+ name: Verify tag signature
+ run: |
+ # NOTE: Solve the problem with Github action checkout https://github.com/actions/checkout/issues/290
+ git fetch --tags --force
+
+ version=${GITHUB_REF#refs/tags/*}
+ git show $version
+ git tag -v $version
+
 -
 name: Log into registry ${{ env.REGISTRY }}
 uses: docker/login-action@42d299face0c5c43a0487c477f595ac9cf22f1a7
diff --git a/CHANGELOG.md b/CHANGELOG.md
index dbd552ef..9c9baff8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,7 @@
 # [Unreleased]
+* Verify git tag on release (#347, @miry)
+
 # [2.3.0] - 2021-12-23
 * Store all the executable `main` packages in `cmd` folder. (#335, @miry)
diff --git a/README.md b/README.md
index 953e131e..95f391f6 100644
--- a/README.md
+++ b/README.md
@@ -605,11 +605,9 @@ For example, `shopify_test_redis_master` or `shopify_development_mysql_1`.
 ### Release
-1. Ensure this release has run internally for `Shopify/shopify` for at least a
- day which is the best fuzzy test for robustness we have.
 1. Update `CHANGELOG.md`
 1. Change versions in `README.md`
-1. Commit, Tag, and Push
+1. Create a release commit and a signed tag.
 1. [Bump version for Homebrew](https://github.com/Shopify/homebrew-shopify/blob/master/toxiproxy.rb#L9)
 [blog]: https://shopifyengineering.myshopify.com/blogs/engineering/building-and-testing-resilient-ruby-on-rails-applications
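Review bot: The `Verify tag signature` step in `.github/workflows/release.yml` checks that the tag carries a good signature from some key, not that it was signed by a maintainer. With `keyserver-options auto-key-retrieve`, gpg fetches whichever key the signature names from keys.openpgp.org, and `git tag -v` succeeds on any good signature, whoever owns the key. The gate should compare the primary-key fingerprint on the `VALIDSIG` status line of `git verify-tag --raw` with a pinned allow-list, as sketched below; `RELEASE_SIGNER_FPRS` is a placeholder for wherever the project keeps that list. The sketch also quotes `"$version"`, which the current `git show` and `git tag -v` calls leave bare. It is also worth confirming that the runner's gpg reads `~/.gnupg/options` at all, since current GnuPG documents `gpg.conf` as its option file.

```yaml
      -
        name: Verify tag signature
        run: |
          # … unchanged: git fetch --tags --force, version=${GITHUB_REF#refs/tags/*} …
          git show "$version"

          # A failed verification aborts here: the step shell runs with -e.
          status=$(git verify-tag --raw "$version" 2>&1)

          # Last field of VALIDSIG is the primary-key fingerprint.
          signer=$(printf '%s\n' "$status" | awk '$2 == "VALIDSIG" { print $NF }')

          # RELEASE_SIGNER_FPRS: placeholder, space-separated full fingerprints of release signers.
          case " $RELEASE_SIGNER_FPRS " in
            *" ${signer:-none} "*) ;;
            *) echo "tag $version signed by unexpected key: ${signer:-none}" >&2; exit 1 ;;
          esac
```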